apache2 2.4.46-4ubuntu1.5 source package in Ubuntu
Changelog
apache2 (2.4.46-4ubuntu1.5) hirsute-security; urgency=medium
* SECURITY UPDATE: DoS or SSRF via forward proxy
- debian/patches/CVE-2021-44224-1.patch: enforce that fully qualified
uri-paths not to be forward-proxied have an http(s) scheme, and that
the ones to be forward proxied have a hostname in
include/http_protocol.h, modules/http/http_request.c,
modules/http2/h2_request.c, modules/proxy/mod_proxy.c,
modules/proxy/proxy_util.c, server/protocol.c.
- debian/patches/CVE-2021-44224-2.patch: don't prevent forwarding URIs
w/ no hostname in modules/proxy/mod_proxy.c,
modules/proxy/proxy_util.c.
- CVE-2021-44224
* SECURITY UPDATE: overflow in mod_lua multipart parser
- debian/patches/CVE-2021-44790.patch: improve error handling in
modules/lua/lua_request.c.
- CVE-2021-44790
-- Marc Deslauriers <email address hidden> Wed, 05 Jan 2022 09:38:48 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Hirsute
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- httpd
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| apache2_2.4.46.orig.tar.gz | 8.9 MiB | 44b759ce932dc090c0e75c0210b4485ebf6983466fb8ca1b446c8168e1a1aec2 |
| apache2_2.4.46-4ubuntu1.5.debian.tar.xz | 897.4 KiB | 9372366c3b30d0a4e290e1279e3d1e384f98e209658ac80bf133978cc098bbfb |
| apache2_2.4.46-4ubuntu1.5.dsc | 3.3 KiB | 8ff30fee567a8933e5ddc3602c583647f48c8c451d50334d514c9a20516cde3a |
Available diffs
Binary packages built by this source
- apache2: No summary available for apache2 in ubuntu hirsute.
No description available for apache2 in ubuntu hirsute.
- apache2-bin: No summary available for apache2-bin in ubuntu hirsute.
No description available for apache2-bin in ubuntu hirsute.
- apache2-bin-dbgsym: No summary available for apache2-bin-dbgsym in ubuntu hirsute.
No description available for apache2-bin-dbgsym in ubuntu hirsute.
- apache2-data: No summary available for apache2-data in ubuntu hirsute.
No description available for apache2-data in ubuntu hirsute.
- apache2-dev: No summary available for apache2-dev in ubuntu hirsute.
No description available for apache2-dev in ubuntu hirsute.
- apache2-doc: No summary available for apache2-doc in ubuntu hirsute.
No description available for apache2-doc in ubuntu hirsute.
- apache2-ssl-dev: No summary available for apache2-ssl-dev in ubuntu hirsute.
No description available for apache2-ssl-dev in ubuntu hirsute.
- apache2-suexec-custom: No summary available for apache2-suexec-custom in ubuntu hirsute.
No description available for apache2-
suexec- custom in ubuntu hirsute.
- apache2-suexec-custom-dbgsym: No summary available for apache2-suexec-custom-dbgsym in ubuntu hirsute.
No description available for apache2-
suexec- custom- dbgsym in ubuntu hirsute.
- apache2-suexec-pristine: No summary available for apache2-suexec-pristine in ubuntu hirsute.
No description available for apache2-
suexec- pristine in ubuntu hirsute.
- apache2-suexec-pristine-dbgsym: No summary available for apache2-suexec-pristine-dbgsym in ubuntu hirsute.
No description available for apache2-
suexec- pristine- dbgsym in ubuntu hirsute.
- apache2-utils: No summary available for apache2-utils in ubuntu hirsute.
No description available for apache2-utils in ubuntu hirsute.
- apache2-utils-dbgsym: No summary available for apache2-utils-dbgsym in ubuntu hirsute.
No description available for apache2-
utils-dbgsym in ubuntu hirsute.
- libapache2-mod-md: No summary available for libapache2-mod-md in ubuntu hirsute.
No description available for libapache2-mod-md in ubuntu hirsute.
- libapache2-mod-proxy-uwsgi: No summary available for libapache2-mod-proxy-uwsgi in ubuntu hirsute.
No description available for libapache2-
mod-proxy- uwsgi in ubuntu hirsute.
